About contributing back a fairly big change #66
Comments
|
|
@thomaseizinger so, I've reviewed the entirety of rust-secp-zkp and it looks great, aside from a few nits (I opened some issues on your repo). If you want to replace our crate with this, I'm happy to do so. There are a couple options for how to do this... probably the easiest thing would be for you to overwrite the entirety of our rust-secp-zkp with your tree (you can use This has the unfortunate effect of losing the "is a fork of rust-bitcoin/rust-secp256k1" that you currently have, but we can just re-add that to the README. In my experience having too many layers of Github forks causes problems anyway because there are bugs in Github that cause it to target PRs to the wrong repo. Alternate strategies are:
|
|
First, thank you for the positive response!
That is really interesting! I didn't know about this mode of operation. Are there any test vectors available? I am curious to see if those can still be modeled in a way that makes the IMO more common usecases easier to deal with. I will open a separate issue for this discussion!
We didn't open a bug report but failing to compile to WASM wasn't the only thing that made us decide to go with
That is great, thank you! Given that we were not sure whether or not we can upstream our changes, we took some care to add our stuff in the least invasive way so we can continue to pull from upstream. As you can see from the history, we only added a couple of patches.
If the confusion is the only issue, then we can just delete our repo after everything has been upstreamed? As mentioned above, we only added a couple of patches on top of a quite recent Is your intention to maintain the current history of your repo? If not, then another, IMO fairly easy way would be to Semantically, it is really only three things:
All the other patches are just fixing up stuff where we accidentally broke 1.29 support. We can squash those together so the result is just three patches (or two if (1) is not desired). |
|
cc @jonasnick what are your thoughts here? I don't think we care about the history of our rust-secp-zkp repo, we could just |
|
Thanks for your contribution.
Is there anything wrong with rust-secp256k1-zkp despite being outdated? The main difference seems to be that |
No there isn't! We didn't discover
It would still be good if we could combine our efforts on this front!
That is a good point! When we started this work, it wasn't fully clear how we will end up using it so we just started with a fork. Please also note this discussion regarding literal fork / extension. |
|
Ah that's good to know. Just noticed now that you've updated your lib and by the way I agree that it's a good idea to optimize the lib for "ease of understanding (YMMV) and to prevent misuse as much as possible". Does comit-network/rust-secp256k1-zkp also support nostd? I think it's fine to hard reset elementsproject/rust-secp256k1-zkp and push the current master to some archive branch. Before we do that, it would be ideal if comit-network/rust-secp-zkp would support Schnorr signatures. I don't know of anyone using rust-secp256k1-zkp (and they probably shouldn't) but would be nice to keep that functionality.
Thanks I hadn't seen that ... assuming you mean issue 1. |
Oh I'm seeing now that rust-secp already has bip-340 Schnorr support already merged...nevermind. |
Partly. For the sys crate, only I am not sure if we can get around that in any way? All the other low-level bindings should work in no-std. The higher-level crate makes a few more trade-offs and allocates to provide APIs like this: https://github.com/comit-network/rust-secp256k1-zkp/blob/b2a7d2af2fe2d15c23274bcba767bad7f5a3d4a7/src/zkp/pedersen.rs#L110-L153 These could potentially be optimized if we employ a "Structure of Arrays"-like strategy (potentially at zero cost with something like https://docs.rs/soak/0.2.0/soak/). That would allow us to retain the invariant of "need to provide arrays of generators, tags and secret keys of equal length" while avoiding the copying that we currently have to do to call the C API. This is very much an optimization though and hence I haven't looked into it further. It also requires a fair bit of unsafe code and an additional dependency so I am not sure if it is worth it.
Yes! Sorry about the broken link. I created a new repository and moved the issues over because I didn't want it to be a GitHub fork now that we changed the strategy of how to integrate with rust-secp. Seems like those links are not forwarded now :/ |
|
We will probably change the surjection proof to also be variable-sized in the future. Right now there are consensus limits in Elements because of the fixed size, which I regret. |
No, I think making the high level crate easy-to-use and easy-to-write is the right approach. Before pushing this to ElementsProject/rust-secp-zkp I'll have a closer look at the lib in the new year unless @apoelstra beats me to it. |
|
I replaced rust-secp256k1-zkp with comit-network/rust-secp256k1-zkp. Also opened BlockstreamResearch/rust-secp256k1-zkp#9 in preparation of a release to crates.io. |
|
Just pushed the new version 0.2.0 to crates.io. |
|
Thanks @jonasnick ! |
It does, officially supported as of ElementsProject/libwally-core#249. Instructions are available here: https://github.com/ElementsProject/libwally-core#webassembly |
I should have probably been more specific. We were trying to compile it to WASM using the That rules out emscripten and from what we experienced, emscripten support in Rust is currently completely broken anyway due to symbol naming changes in a recent LLVM version. If I remember correctly, we even managed to compile the provided example to WASM. However, the rest of our code is written in Rust and not being able to integrate with that and compile the whole thing to WASM was a showstopper for us regarding libwally. In the end, digging deeper revealed that specifically for the crypto required to handle CT on Elements, the functionality provided by libwally is just a thin wrappers around libsecp256k1-zkp. As such, there wasn't really any benefit for us in trying to link against libwally so we went for libsecp256k1-zkp directly. |
|
We just opened a PR for integrating Please post your feedback :) |
|
rust-secp-zkp is now part of the ElementsProject org and we're well on our way to tightly integrating it with rust-elements. Thanks so much!! |
Hey everyone,
we've vendored this library here and made some bigger changes across the board, most notably:
TxOuts distinctly as explicit or confidential instead of each individual field: https://github.com/comit-network/droplet/blob/8cb45d3029c4edcf499ae8cc21c98e43829a6d59/elements-fun/src/transaction.rs#L79-L90This model makes expressing nonsensical states like a confidential value with an explicit asset impossible. We've found that quite helpful in trying to wrap our heads around elements. It is quite possible that some edge-cases are not covered but for now all the tests pass.
rust-secp256k1that binds againstlibsecp256k1-zkpto provide all the cryptographic primitives for blinding / unblinding assets etc. This allows us to not have a dependency onlibwally(which doesn't compile to WASM and has kind of quirky APIs). This is not fully complete (see this PR) because we needSigHashCacheto land on master here :DFor now, all of this happens within a single cargo workspace so we don't have to bother with releases. However, we are keen to upstream some of these changes. In particular:
rust-secp256k1potentially replace https://github.com/ElementsProject/rust-secp256k1-zkp? I'd assume we would have to go through some bike-shedding of the APIs as we've currently optimized ours for easy of understanding (YMMV) and to prevent misuse as much as possible at the cost of doing extra allocations for example.Transactions are modeled might be of interest. Similarly, it would take some effort to untangle the changes made there to make them upstreamable because we for example didn't adhere to a MSRV of 1.29.For example, something that would be possible if we can get (1) done is:
secp256k1-zkpto crates.io (it seems that the namesecp256k1-zkpis pointing to https://github.com/ElementsProject/rust-secp256k1-zkp)rust-elementsConfidentialTxOut::unblind()which provides a quite straight-forward API to invoke some decently heavy cryptography.Directly depending on
secp256k1-zkpalso removes a lot of duplicated knowledge like how to parse and serialize generators, pedersen commitments, proofs, etc. Additionally, it allows us to use all this cryptography from WASM which is why we are going through all of this :)Thoughts?
The text was updated successfully, but these errors were encountered: